Most people are familiar with the term Information Technology (IT), which covers the spectrum of technologies for information processing, including software, hardware, communications technologies and related services. Operational Technology (OT) applies IT concepts to hardware and software that detects or causes a change through the direct monitoring and/or control of physical devices, processes and events in the enterprise. For example, OT networks interconnect industrial control systems such as programmable logic controllers, supervisory control and data acquisition systems, distributed control systems, process control domains, safety instrumented systems, and building management and automation systems.
The Industrial Internet is a huge new opportunity for growth and efficiency. To realize this value, OT environments need to be connected. With production systems becoming more interconnected, the exposure to cyber incidents increases. Attacks and disruptions on critical infrastructure put reputation, production, people, and profits at risk.
Traditionally, OT networks have operated separately from IT networks. For example, OT networks used proprietary protocols optimized for the required functions, some of which have been adopted as ‘standard’ industrial communications protocols (e.g., DNP3, Modbus, Profibus, RTU, CANBUS, HART, DeviceNet). More recently, IT-standard network protocols (e.g., TCP/IP) are being implemented in OT devices and systems to reduce complexity and increase compatibility with more traditional IT hardware. This has led to a demonstrable reduction in security for OT systems.
Network security systems are designed to protect critical infrastructure, control systems and OT assets. They provide protection from cyber threats and vulnerabilities in OT environments by monitoring and blocking malicious activity and misconfiguration, promoting OT safety and protecting productivity. While effective, configuring a network security system is a difficult and time-intensive manual task. For example, a network administrator is often tasked with manually generating whitelist policies that identify the commands that should be allowed within the network. This requires the network administrator to analyze the software services running on the devices in the network and determine which commands those services are likely to transmit. Accordingly, improvements are needed.
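To make the whitelist-policy idea concrete, the following added example (not part of the original text) enforces a per-device command allowlist for Modbus/TCP, one of the industrial protocols named above. The device addresses, the allowed function codes, and the sample frames are all constructed for illustration; in practice the allowed set per device is what the administrator derives from the services running on it.

```python
import struct

# Constructed policy: the Modbus function codes each controller may receive.
# Assumption: 10.0.0.5 is polled read-only by an HMI, while 10.0.0.6 also
# accepts single-register writes from an engineering station.
ALLOWLIST = {
    "10.0.0.5": {3, 4},     # Read Holding Registers, Read Input Registers
    "10.0.0.6": {3, 4, 6},  # ... plus Write Single Register
}


def parse_modbus_tcp(frame: bytes) -> dict:
    """Parse the MBAP header and the function code of one Modbus/TCP request.

    MBAP = transaction id (2) | protocol id (2, always 0) | length (2) | unit id (1).
    The length field counts the unit id plus the PDU, whose first byte is the
    function code.  Malformed frames raise ValueError so the caller blocks them.
    """
    if len(frame) < 8:
        raise ValueError("frame shorter than MBAP header plus function code")
    tid, pid, length, unit = struct.unpack(">HHHB", frame[:7])
    if pid != 0:
        raise ValueError(f"unexpected protocol id {pid}")
    if length != len(frame) - 6:
        raise ValueError("MBAP length field does not match frame size")
    return {"tid": tid, "unit": unit, "function": frame[7]}


def evaluate(dst_ip: str, frame: bytes) -> tuple:
    """Return ("allow" | "block", reason) for one request sent to dst_ip."""
    try:
        req = parse_modbus_tcp(frame)
    except ValueError as exc:
        return "block", f"malformed frame: {exc}"
    allowed = ALLOWLIST.get(dst_ip)
    if allowed is None:
        return "block", "no policy for destination"
    if req["function"] not in allowed:
        return "block", f"function code {req['function']} not in allowlist"
    return "allow", f"function code {req['function']} permitted"


def build_request(tid: int, unit: int, function: int, payload: bytes) -> bytes:
    """Build a constructed Modbus/TCP request frame for the samples below."""
    pdu = bytes([function]) + payload
    return struct.pack(">HHHB", tid, 0, len(pdu) + 1, unit) + pdu


if __name__ == "__main__":
    samples = [
        ("10.0.0.5", build_request(1, 1, 3, b"\x00\x00\x00\x0a")),  # read 10 registers
        ("10.0.0.5", build_request(2, 1, 6, b"\x00\x05\x12\x34")),  # write to read-only PLC
        ("10.0.0.6", build_request(3, 1, 6, b"\x00\x05\x00\xff")),  # permitted write
        ("10.0.0.7", build_request(4, 1, 3, b"\x00\x00\x00\x01")),  # unknown device
        ("10.0.0.5", b"\x00\x05\x00\x00\x00\x02\x01"),              # truncated frame
    ]
    for ip, frame in samples:
        verdict, reason = evaluate(ip, frame)
        print(f"{ip:10} -> {verdict:5} ({reason})")
```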